Created attachment 180949 [details] patch Document multiple vulnerabilities fixed in hostapd 2.6. Document CVE-2015-5314 and CVE-2016-4476 affecting hostapd versions prior to 2.6.
I just submitted PR 217907 which upgrades hostapd to 2.6 and solves the vulnerabilities listed in this PR.
A commit references this bug: Author: feld Date: Tue Mar 28 23:19:48 UTC 2017 New revision: 437174 URL: https://svnweb.freebsd.org/changeset/ports/437174 Log: Document hostapd vulnerabilities PR: 217906 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: junovitch Date: Thu Mar 30 01:47:42 UTC 2017 New revision: 437264 URL: https://svnweb.freebsd.org/changeset/ports/437264 Log: Actually, let's refer to the original entries for these hostapd CVEs Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5 PR: 217906 Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html Changes: head/security/vuxml/vuln.xml